In this post-Snowden world, people are worried about who might be listening to their communications. Cryptocat (free, App Store) is a very simple app that will secure your conversations with your pals. Plus, it's cross-compatible with OS X and browser clients, and the developer says an Android version is coming soon. But Cryptocat is not like other messaging services, and it's not trying to be a secure replacement for SMS. It lacks media attachments, buddy lists, and profiles; instead it focuses on a totally secure and deniable model. I can't imagine using it every day, but it's quite good for quickly and easily sharing secrets. Think of it like a disposable "burner" cell phone for instant messaging.

Setup

Cryptocat is very different from most other chatting services and might not seem very secure at first blush. The first time you use Cryptocat, you might also find it confusing, which is odd, given that its goal is to be fast and easy to use, as well as disposable. As in Editors' Choice Wickr, there's no account creation, just two blank fields for a user nickname and "conversation name." The browser version is much richer, with mouse-over popups explaining how to use the service.

Here's the gist of it: Entering the name of a conversation creates a new chat room. You can share this chat room name with your friends through other means—over the phone or, ideally, in person. Anyone can join any conversation simply by typing in its exact name. For example, enter the conversation name "lobby" and you'll be dumped into a massive group chat of strangers.

With no accounts for users, you simply pick any nickname you like. The only limitation: the names other users in a particular conversation have already taken. If you enter "pcmagbro" in the conversation "brotalk77" and I'm already using that nickname, Cryptocat won't let you join. Sorry, bro. The nickname from your previous session will be filled in automatically, but it might not be available the next time you try to use it.

It took me a while to get the hang of Cryptocat, but I can see the security advantages. No accounts mean that there are no accounts to hack, and open chatrooms mean an infinite number of places to hide your conversation. It's easy to use, but it may take you some time to get used to it since it's so different from mainstream chat services.

Cryptochatting

Each conversation is represented by retro-style angular chat bubbles on a blue background. Messages appear promptly after sending, and you can see when other users are typing. There are no emojis, but the app automatically converts some smileys into cat faces. Users already in the chat room appear at the top of the screen, but their message history does not. You'll quickly discover that Cryptocat is a text-only affair, like the screenshot-defeating messaging service Confide.

If you leave Cryptocat without logging out, the app will send you push notifications for activity in your conversation or private chat. It will also give you a one-minute warning when your session is about to expire—about three and a half minutes after you leave Cryptocat. Compare this with WhatsApp or Hangouts, which are always on.

Tapping Buddies in the upper left shows other users in the conversation. Tapping on a name starts a private chat, distinct from the main conversation. You can toggle back and forth using the Conversation link. Private conversations work just like group chats; they were mostly non-functional in an earlier version of the app but seem to be working now.

All users have unique number and letter strings assigned to them, along with the conversations they're participating in. This is called a Fingerprint. You can view users' group and private Fingerprints by tapping their names. You can use the private Fingerprint to confirm that the person on the other end of your Cryptocat conversation is who he or she claims to be. The app advises you to call users over the phone, or by some other means, and ask them to tell you their key. If it's someone carrying out a man-in-the-middle type attack, the key will be different from the one on your screen. During my initial testing, viewing this information caused the app to crash, but this problem was swiftly fixed in an update. You can view your own fingerprints in the upper-right Me menu.

The browser version has an easier built-in solution, which uses a shared secret to confirm that someone hasn't intercepted your session; this is similar to what RedPhone does. Of course, just because you've confirmed the person's account does not mean that you've confirmed his or her identity. I could create an account called EdSnowdenReal, and give you my fingerprint ID, but I'm not Edward Snowden.
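The out-of-band fingerprint check described above, sketched as an added example (this is not Cryptocat's code). The fingerprint format used here, a truncated SHA-256 of the public key, and the names `fingerprint`, `verify_contact` and `simulate` are assumptions for illustration; the keys are random stand-ins constructed for the demo.

```python
import hashlib
import hmac
import secrets

def fingerprint(public_key: bytes) -> str:
    """Assumed format: first 20 bytes of SHA-256(key), as hex in groups of 8."""
    digest = hashlib.sha256(public_key).hexdigest()[:40].upper()
    return " ".join(digest[i:i + 8] for i in range(0, 40, 8))

def normalize(spoken: str) -> str:
    """Drop spacing, dashes and case so a value read aloud compares cleanly."""
    return "".join(ch for ch in spoken.upper() if ch.isalnum())

def verify_contact(key_seen_in_app: bytes, spoken_fingerprint: str) -> bool:
    """Compare the key the app received with the value heard out of band."""
    shown = normalize(fingerprint(key_seen_in_app))
    heard = normalize(spoken_fingerprint)
    return hmac.compare_digest(shown.encode(), heard.encode())

def simulate(intercepted: bool) -> bool:
    """Return True if Alice accepts the key her app shows for Bob."""
    bob_key = secrets.token_bytes(32)       # constructed stand-in for Bob's public key
    swapped_key = secrets.token_bytes(32)   # key substituted by a man in the middle
    key_alice_received = swapped_key if intercepted else bob_key
    # Bob reads the fingerprint of his real key over the phone,
    # and Alice types it in lowercase with dashes.
    spoken = fingerprint(bob_key).lower().replace(" ", "-")
    return verify_contact(key_alice_received, spoken)

if __name__ == "__main__":
    print("direct session accepted:     ", simulate(intercepted=False))
    print("intercepted session accepted:", simulate(intercepted=True))
```

A match only shows that the key on your screen is the key held by whoever read the fingerprint to you; it says nothing about who that person is.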

Centered on Security

At the heart of Cryptocat is the Off-the-Record (OTR) protocol, which is used to achieve perfect forward secrecy. This means that each message is secured with a unique pair of encryption keys. Even if an attacker successfully decrypts one message, she couldn't use the same method to decrypt other, future (or past) messages.

OTR also makes it impossible to prove that a specific user sent a specific message, since the messages aren't digitally signed. That's why any user can use any user name in Cryptocat. It can be a bit annoying, but if you were leaking classified documents to the press, you might not want proof that a conversation had occurred, or that you were a part of it.
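The two properties described above, per-message keys and deniability, shown in a simplified model added here as an example (it is not OTR's actual construction or Cryptocat's code). Each message gets keys from a fresh ephemeral Diffie-Hellman exchange, and messages are authenticated with a MAC under a key both parties hold rather than a signature. The toy group, the toy XOR cipher and all function names are assumptions for the demo and are not secure for real use.

```python
import hashlib
import hmac
import secrets

P = 2**255 - 19  # toy prime modulus for the demo only, not OTR's real group
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def message_keys(my_priv, peer_pub):
    """Derive per-message encryption and MAC keys from one ephemeral exchange."""
    shared = pow(peer_pub, my_priv, P).to_bytes(32, "big")
    return (hashlib.sha256(b"enc" + shared).digest(),
            hashlib.sha256(b"mac" + shared).digest())

def xor_stream(key, data):
    """Toy stream cipher: XOR with SHA-256(key || offset) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(keys, plaintext):
    enc, mac = keys
    ct = xor_stream(enc, plaintext)
    return ct, hmac.new(mac, ct, hashlib.sha256).digest()

def open_sealed(keys, ct, tag):
    enc, mac = keys
    if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
        return None  # wrong key or tampered message
    return xor_stream(enc, ct)

def demo():
    rounds = []
    for text in (b"meet at noon", b"bring the files"):
        a_priv, a_pub = keypair()          # fresh ephemeral keys per message
        b_priv, b_pub = keypair()
        alice, bob = message_keys(a_priv, b_pub), message_keys(b_priv, a_pub)
        rounds.append((alice, bob, seal(alice, text)))
    (a1, b1, m1), (a2, b2, m2) = rounds
    forged = seal(b1, b"I leaked it")      # Bob alone writes a message "from Alice"
    return {"delivered": open_sealed(b1, *m1),
            "old_key_on_new_msg": open_sealed(b1, *m2),
            "forgery_verifies": open_sealed(a1, *forged)}

if __name__ == "__main__":
    print(demo())
```

The keys for the first message fail on the second, and a message Bob wrote himself verifies under Alice's keys exactly as hers do, so a saved transcript cannot show a third party which of the two wrote any given message.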

To its credit, Cryptocat makes it clear that it's not a magic-bullet security solution. The company points out in its documentation that while your messages are encrypted, the service does not hide your IP address, and it recommends that users access it via Tor if that's a concern. The company also warns against keyloggers and "untrustworthy people" on the service as other potential security pitfalls and should be commended for doing so.

Cryptocat Out of the Bag

Cryptocat couldn't be simpler, and its commitment to security is obvious in its acknowledgment of its own service's limitations. The developer also deserves credit for working hard to improve the app. When I began testing, the app crashed frequently and had several incomplete features. Those were swiftly fixed, along with other iOS-specific security concerns.

Cryptocat isn't going to replace your existing instant message or SMS service. It's limited only to text, and it lacks features like profiles and status messages. It's very easy to use, lowering the bar for acceptance, but it takes a fair amount of effort to coordinate an encrypted session. And just because it's easy doesn't mean it will make sense right away.

To me, Cryptocat is a great utility. When you need to carry out a secure conversation, it's ready and easy to use. But it isn't yet a seamless personal service. For secure messaging that's more familiar, Editors' Choice Wickr is a solid product, as is Confide.

Max Eddy is a Junior Software Analyst investigating the latest and greatest apps for Android. Paranoid by nature, he's also keeping an eye on emerging threats and countermeasures at SecurityWatch with Neil Rubenking and Fahmida...